Jun 102019

Rachel Smith reports:

Parents of Hopkins County schoolchildren were greeted with a message from the school board Thursday morning alerting them of a data security breach. Because of a school board staff member’s password-protected account being compromised, a currently unidentified user had access to a countywide database, which contains the names, dates of birth and Social Security numbers of about 7,000 students, according to school officials.

While there is no current evidence the user obtained students’ personal information, school board officials cannot say for certain the information was not accessed.

Read more on The Messenger.

Jun 102019

Justin Paine reports:

While searching Shodan, I recently discovered an ElasticSearch database without any authentication. This database contained metadata related to a huge amount of emails. It was eventually confirmed that this server and the email metadata was controlled by a large university located in China. I would like to thank the university’s security team for their prompt action to secure this data once notified. As far as I am aware they have not notified the impacted students though.

Read more on Rainbowtabl.es

Jun 062019

Ann Costantino reports:

A massive security flaw has been detected that allowed unrestricted access to highly sensitive records pertaining to students, staff and internal school system data on a Baltimore County Public Schools (BCPS) public facing website.

The system’s BCPS One/Schoology platform, where students are able to access classes, grades and academic resources online, is the source of the breach where anyone with a password – including students, parents, and staff members – have had access to personal student and staff member information, as well as some sensitive school system records.

Some records found go back to the 2008 – 2009 school year.

Read more on The Baltimore Post.

h/t, Cheri Kiesecker

Jun 042019

ABC in Australia reports:

The Australian National University has been hit by a massive data hack, with unauthorised access to significant amounts of personal details dating back 19 years.

A sophisticated operator accessed the ANU’s systems illegally in late 2018 but the breach was only detected two weeks ago, the university said in a statement.

Based on student numbers over that time, as well as staff turnover, the university has estimated approximately 200,000 people were affected by the breach.

Read more on ABC.